Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide dedicated option to query fake installed RPM packages with GPG keys associated with them #2404

Closed
Ricky-Tigg opened this issue Mar 1, 2023 · 5 comments
Closed

Provide dedicated option to query fake installed RPM packages with GPG keys associated with them #2404

Ricky-Tigg opened this issue Mar 1, 2023 · 5 comments
Assignees
@ffesti
Labels
easyfix RFE

Comments

@Ricky-Tigg
Copy link
Contributor

Hello. Fake RPM packages with GPG keys associated with them are taken in account while querying all installed packages.

$ rpm -qa | grep '^gpg-pubkey-' | wc -l
2

This ability to count such packages, which is useful, would be more to its advantage if queried on-demand and thus served by a dedicated option.
@pmatilai
Copy link
Member

pmatilai commented Mar 2, 2023

It's much faster to query by the name instead: rpm -q gpg-pubkey (and follow with whatever processing necessary)

@Ricky-Tigg
Copy link
Contributor Author

Fake package can be identifiable by the prefix gpg-pubkey- in its name; that's a knowledge assumed unknown from the user nor was assumed needed the knowledge of the definition of a fake package. Yet it is unusual for the vast majority of users (be they beginners or even advanced) to be put in situation of investigating what a fake package is. I came myself to read about fake package by accident. It was though implicit in the report that rpm -qa could be considered in its role by solely reporting by default non-fake installed packages.

@ffesti ffesti self-assigned this Oct 11, 2023
@ffesti
Copy link
Contributor

ffesti commented Oct 17, 2023

Right place for this would be the rpmkeys tool. There actually already is a - commented out - stub for --list-keys and --delete-key waiting for someone to come along and implement them.

@ffesti ffesti added this to RPM Oct 17, 2023
@github-project-automation github-project-automation bot moved this to Backlog in RPM Oct 17, 2023
@ffesti ffesti moved this from Backlog to Todo in RPM Oct 17, 2023
@ffesti
Copy link
Contributor

ffesti commented Oct 17, 2023

Also gpg-pubkey is not the prefix of the name but the actual name. Otherwise rpm -q gpg-pubkey wouldn't work. The other gibberish is the hash of the key stuffed in version and release to make it unique.

@ffesti ffesti removed their assignment Oct 17, 2023
@nwalfield nwalfield mentioned this issue Oct 17, 2023
Open
@ffesti ffesti self-assigned this Feb 20, 2024
@ffesti ffesti moved this from Todo to In Progress in RPM Feb 20, 2024
@ffesti ffesti moved this from In Progress to In Review in RPM Feb 21, 2024
@ffesti
Copy link
Contributor

ffesti commented Mar 6, 2024

Resolved with #2921

@ffesti ffesti closed this as completed Mar 6, 2024
@github-project-automation github-project-automation bot moved this from In Review to Done in RPM Mar 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ffesti ffesti

Labels
easyfix RFE
Projects
RPM
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ffesti @pmatilai @Ricky-Tigg